Thursday, October 18, 2012

WSUS 3.0 vs. 2012/Windows 8 Notes

As I posted earlier, Server 2012 includes a new version of WSUS. There are a few gotchas associated with WSUS and Server 2012/Windows 8, especially when using a previous version of WSUS. Here are some key points:

  • Windows 8 and Server 2012 "clients" will NOT work with WSUS 3.0 SP2 or any version that isn't shipped with 2012 unless this update is installed BEFORE any clients connect to it. 
  • If your Win8/2012 clients attempted to talk to an older WSUS server before patching or upgrading, you will need to perform the following before they will update again: 
    • Net stop wuauserv
    • rd /s %windir%\softwaredistribution\
    • Net start wuauserv
  • If your new WSUS 2012 server is downstream from an older WSUS server, it will have the same effect as if your clients were pulling directly from that older server. All WSUS servers between the clients and MSFT need to be newer or patched. 
  • According to Microsoft, updates canNOT be scanned by an intermediary... i.e. HTTPS inspection must be turned off on content from Windows Update. 
Client errors may manifest themselves as "error 0x80246003". According to the WSUS error table, that corresponds to an unrecognized hash. I haven't completed my research yet, but I'm guessing that the new endpoints will only honor update packages from MSFT using a new, stronger hash to raise security in the aftermath of the Flame malware.
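The check and the client-side reset described above, combined into one PowerShell script. This is an added example, not part of the original post or any Microsoft tooling. It assumes the client writes a plain-text log at %windir%\WindowsUpdate.log and that it is run from an elevated prompt; the parameter names are made up for this example.

```powershell
# Added example (not from the original post). Run elevated on the Win8/2012 client.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: the Windows Update client logs in plain text at this path.
    [string]$LogPath = (Join-Path $env:windir 'WindowsUpdate.log'),
    # Error code quoted in the post.
    [string]$ErrorCode = '0x80246003',
    # Without -Reset the script only reports; nothing is changed.
    [switch]$Reset
)

$store = Join-Path $env:windir 'SoftwareDistribution'

# 1. Detection: collect every log line that carries the error code.
$hits = @()
if (Test-Path -Path $LogPath) {
    $hits = @(Select-String -Path $LogPath -Pattern $ErrorCode -SimpleMatch)
}
Write-Output ("{0}: {1} log line(s) containing {2}" -f $env:COMPUTERNAME, $hits.Count, $ErrorCode)
if ($hits.Count -gt 0) {
    Write-Output ("Most recent: {0}" -f $hits[-1].Line.Trim())
}

# 2. Remediation: the same three steps as the list above
#    (net stop wuauserv / rd /s softwaredistribution / net start wuauserv),
#    performed only when the error was actually seen and -Reset was given.
if ($Reset -and $hits.Count -gt 0) {
    if ($PSCmdlet.ShouldProcess($store, 'stop wuauserv, delete folder, start wuauserv')) {
        Stop-Service -Name wuauserv -Force -ErrorAction Stop
        try {
            Remove-Item -LiteralPath $store -Recurse -Force -ErrorAction Stop
        }
        finally {
            # Bring the service back even if the delete failed part-way.
            Start-Service -Name wuauserv
        }
    }
}
```

Run it with no arguments to report only, with `-Reset -WhatIf` to preview the reset, and with `-Reset` to perform it. Resetting before the upstream WSUS server is patched or upgraded will not help, since the client will hit the same condition on its next scan.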
